Ben via cygwin wrote:
> When I go to web page
>
> http://cygwin.com/
>
> then I can download CygWin from there (currently the file
> "setup-x86_64.exe").
>
> Unfortunately this file is just an installer which retrieves in turn
> several other files from Internet and remote servers.
>
> Since I have no overview what is downloaded from which server I distrust
> such installers in general.
I assume that each month you review the Microsoft Security Advisories, visit and digest the page for each individual update and then download and apply the .msu patches by hand, rather than trusting the highly fishy "Check for updates" feature of Windows Update?
You do have an overview: you get to pick the mirror, and the URL it will download files from is declared there. For example, my closest mirror is http://mirrorservice.org/sites/sourceware.org/pub/cygwin/ which you can browse online.
> I prefer full packages which contain everything needed and can be
> inspected in advance (e.g. by virus scanners) before actual installation.
The Cygwin installer downloads and saves the files - even a dumb filesystem-only virus scanner gets a chance to inspect the files.
> 99,9% of all software is offered in such a way.
That number is plucked out of your mind, and simply isn't true, even on Windows (there's the Microsoft Store and even third-party packagers such as https://chocolatey.org/). Microsoft's own products on Windows are now distributed this way too (e.g. the Visual Studio Installer and the Office 365 installer).
> Why use Cygwin such a fishy distribution way?
Well, it's not fishy.
Cygwin is not an application; as another answer to your previous question pointed out, Cygwin is a library providing a POSIX layer for applications on Windows. The setup program is an application for installing that library and then adding packages of programs which use it from a curated collection, but you can point the installer to your own collection if you wish.
> Is there really no full package to download?
The setup program includes a "Download" option which allows you to save the entire package repository locally, which you can use in future. Some of the mirrors (including the one I referenced above) also support rsync, which allows you to download the package repository and the installer from the website without running any Cygwin software initially.
Packages are updated quite frequently, and the entire repository is tens of gigabytes - it would be impractical to offer a single file for download being updated so frequently.
David